Skip to content

fix: do not signal onComplete when the incoming buffer length is less than the cipher block#209

Merged
kessplas merged 2 commits into
mainfrom
buffer-block-size
Mar 19, 2024
Merged

fix: do not signal onComplete when the incoming buffer length is less than the cipher block#209
kessplas merged 2 commits into
mainfrom
buffer-block-size

Conversation

@kessplas

@kessplas kessplas commented Mar 15, 2024

Copy link
Copy Markdown
Contributor

Issue #, if available: #185

Description of changes: The current implementation of the CipherSubscriber incorrectly assumes that the incoming ByteBuffer will only contain fewer bytes than the block cipher when it is the final block. In fact, the incoming ByteBuffer could have fewer bytes in cases where e.g. the networking conditions are poor. As a result, the CipherSubscriber may erroneously call onComplete() partway through the operation, which then fails due to contentLength mismatch. Additionally, as pointed out in #185, the CipherSubscriber may instead throw a NPE when amountToReadFromByteBuffer is greater than the block size.

This PR fixes both bugs by instead checking if the contentRead is equal to contentLength before signaling onComplete. If the data has not been fully read, then the CipherSubscriber passes an empty array to avoid blocking such that subsequent onNext() invocations will fill up the cipher's underlying buffer until it has enough bytes to process a full block.

Also, adds a test which was failing before this change. It requires specifying BouncyCastle as the JCE Provider as other providers (SunJCE, ACCP) return empty buffers instead of null.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@kessplas kessplas marked this pull request as ready for review March 15, 2024 21:44
@kessplas kessplas requested a review from a team as a code owner March 15, 2024 21:44
@kessplas kessplas requested a review from imabhichow March 18, 2024 18:35

@imabhichow imabhichow left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work, J!

@kessplas kessplas merged commit 8b1a686 into main Mar 19, 2024
@kessplas kessplas deleted the buffer-block-size branch March 19, 2024 01:31
josecorella pushed a commit that referenced this pull request Mar 21, 2024
## [3.1.2](v3.1.1...v3.1.2) (2024-03-21)

### Fixes

* create clients only if necessary ([#187](#187)) ([ea0c0c7](ea0c0c7))
* do not signal onComplete when the incoming buffer length is less than the cipher block ([#209](#209)) ([8b1a686](8b1a686))

### Maintenance

* fix dependabot.yml ([#190](#190)) ([5ee8b08](5ee8b08))
* modify range to allow queries specifying only the start index ([#184](#184)) ([765b9c6](765b9c6))
* **README:** detail no unencrypted pass through ([#189](#189)) ([576ea66](576ea66)), closes [#186](#186) [/github.com//issues/186#issuecomment-1973016669](https://github.com/aws//github.com/aws/amazon-s3-encryption-client-java/issues/186/issues/issuecomment-1973016669)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants